Wednesday, December 21, 2016

Providing admin access to OneDrive for Business

When a new Office 365 user is created they normally get provisioned with their own OneDrive for Business location. This is basically a dedicated SharePoint Site Collection per user into which they can upload and share their own private documents.

Each user is the only Site Collection administrator for their own OneDrive for Business location. This means, by default, even a global administrator doesn’t have access to a users OneDrive for Business location.

Of course, in a business, there can be the need for others to have admin access to a users OneDrive for Business, typically for compliance or even once the user has left the organisation. There are a number of ways of granting this access.

All of these methods will require you to have SharePoint administration rights in your tenant and then navigate to the SharePoint admin center.

Probably the easiest way to gain access to any existing user OneDrive for Business is simply to assign the appropriate administration user Secondary Site Collection rights to the site:

http://<tenant name>-my.sharePoint.com

You do that by firstly selecting the appropriate site in your list from the available Site Collections like so:

Once you place a check mark to the left of the OneDrive for Business Site Collections you will see a number of buttons become available to you on the Ribbon Menu across the top.

Select the Owners button.

Then select the Manage Administrators from the menu that appears.

As with any SharePoint Site Collection, you’ll see both the Primary Site Collection Administrator as well as any Secondary Site Collection Administrators. Remember, you can only have one Primary but many Secondary Site Collections administrators. So add the desired user in as a Secondary Site Collection Administrator field and then select OK.

The permissions for all the user OneDrive for Business sites will now update and when complete the added user will be able to access all users OneDrive for Business locations (typically by navigating directly to that URL).

Another way to achieve the same result, but for new or deleted users, is to navigate to the user profiles area from the menu on the left hand side of the SharePoint admin center.

This will take you to the following screen:

Here select Setup My Sites from the My Site Settings group at the bottom of the page.

Scroll down the list of options until you find My Site Cleanup

Here you can again effectively enter a Secondary Site Collection Administrator but for OneDrive for Business Site Collections where the user has been deleted.

If you continue to scroll down you will find a section called My Site Secondary Admin.

Here you can again effectively enable an automatic Secondary Site Collection Administrator to be allocated to a OneDrive for Business location when a new user is created.

Although really a double up from the first option shown is also worthwhile doing as a backup to ensure you cater for all new and any deleted users

The final way is of course to use PowerShell to enable permissions on users OneDrive for Business but I’ll leave that for a future article.

Beware that by adding additional Site Collection Administrators to a users OneDrive for Business users may see these additional admins as already having access as shown above when they go to share documents. It is recommended that you communicate this to your users in advance so they are aware of their compliance requirements.

So, in summary, remember that by default only the user has access to their OneDrive for Business location. You can easily assign rights for other users to access a users OneDrive for Business information using the methods outlined above. Once these rights have been assigned you can navigate to these locations using the URL for each users individual OneDrive for Business location.